2

This is for dynamic inventory for use with AWS

RHEL 7.3

python2-boto-2.45.0-3.el7.noarch

ANSIBLE VERSION

ansible 2.3.1.0
config file = /projects/robomation/ansible.cfg
configured module search path = Default w/o overrides
python version = 2.7.5 (default, Aug 2 2016, 04:20:16) [GCC 4.8.5 20150623 (Red Hat 4.8.5-4)]

I have several resources running and when i run

ec2.py --list

{
  "_meta": {
    "hostvars": {}
  }
}

Also when i try to run ansible playbooks targeting hosts with certain tags, i get this

[WARNING]: Found both group and host with same name: localhost
...
...
...
skipping: no hosts matched

I am having issues setting up dynamic inventory to work properly. I have my ec2.ini and ec2.py files and ec2.py is set to be executable and i believe i have setup right. Also command does not return error only it returns nothing in body.

[root@robomation robomation]# env | grep ANSIBLE
ANSIBLE_HOSTS=/projects/robomation/inventory/ec2.py

[root@robomation robomation]# env | grep EC2_INI
EC2_INI_PATH=/projects/robomation/inventory/ec2.ini

[root@robomation robomation]# env | grep AWS
AWS_REGION=us-west-2

[root@robomation robomation]# inventory/ec2.py --list
{
  "_meta": {
    "hostvars": {}
  }
}
[root@robomation robomation]# ansible --version
ansible 2.3.1.0
  config file = /projects/robomation/ansible.cfg
  configured module search path = Default w/o overrides
  python version = 2.7.5 (default, Aug  2 2016, 04:20:16) [GCC 4.8.5 20150623 (Red Hat 4.8.5-4)]

What do i do to troubleshoot dynamic inventory?

UPDATE:

pip freeze

boto3==1.4.4
botocore==1.5.82

rpm -qa | grep boto

python2-boto-2.45.0-3.el7.noarch
uberrebu
  • 493
  • 5
  • 15
  • 32

1 Answers1

4

The ec2.py dynamic inventory uses boto to make API calls to AWS.

So you might want to check if boto can connect to AWS by running:

python
>>> import boto
>>> s3 = boto.connect_s3()

if you get something like this:

boto.exception.NoAuthHandlerFound: No handler was ready to authenticate. 1 handlers were checked. ['HmacAuthV1Handler'] Check your credentials

your credentials are not correct. There are several ways to configure boto. But for debugging purposes you could simple set AWS_ACCESS_KEY_ID and `AWS_SECRET_ACCESS_KEY' via command line like this:

export AWS_ACCESS_KEY_ID='AK123'
export AWS_SECRET_ACCESS_KEY='abc123'

When using IAM roles you should note that:

IAM Roles are supported by plugins/inventory/ec2.py when using boto 2.5.0 or higher.

When running on an EC2 instance that has an IAM Role assigned, and the role policy allows the ec2:Describe* action, ec2.py --list will work without the need to specify aws_access_key_id or aws_secret_access_key.

Additional actions will need to be allowed in the role policy if ec2.ini defines route53 = True or rds = True. github issue

Henrik Pingel
  • 8,676
  • 2
  • 24
  • 38
  • I ran those commands and did not get any errors..as i mentioned when i run the ec2.py script it does return result just empty...so that says connection works just that it is not retrieving anything...also i am using instance IAM role so not using credential keys – uberrebu Jul 12 '17 at 04:45
  • really need help with this...anyone willing to help? – uberrebu Jul 13 '17 at 04:50
  • I have boto 2.45.0 so isn't that higher than 2.5.0? or you meant 2.50.0? – uberrebu Jul 15 '17 at 15:49
  • The answer in the linked GitHub issue refers to that version. So update your boyo. – Henrik Pingel Jul 15 '17 at 17:31
  • that version is super super old..how is an old version be a fix to a current problem? especially 2.5.0 to 2.45.0? – uberrebu Jul 15 '17 at 23:30
  • anyways i tired to install version and not working..tried yum and also tried pip..not working – uberrebu Jul 16 '17 at 00:02
  • Sorry. I might have overlooked the dot in the version – Henrik Pingel Jul 16 '17 at 07:52
  • what you mean overlooked? the link in the issue takes me to `2.5.0` – uberrebu Jul 16 '17 at 07:59
  • still not working..still getting empty result – uberrebu Jul 21 '17 at 02:23
  • FINALLY WORKED! i applied `route53 = True` and `rds = True` and it worked even with the IAM role without any access_key or secret_access_key..just t he ec2.ini rds and route53 settings to `True` solved it!!!..thanks a lot! – uberrebu Jul 21 '17 at 02:41